parse authentication from ldap to apache without password - apache

I am running apache on EC2 Redhat Linux.
Server version: Apache/2.2.15
Red Hat Enterprise Linux Server release 6.4 (Santiago)
I have LDAP attached to it. I would like users not to have to enter an ID or password when they type my application URL in a web browser.
Is there a way to do it?
Here is my httpd.conf
<location />
AuthType Basic
AuthBasicProvider ldap
AuthName "Web Console Authentication"
AuthLDAPBindDN <user>
AuthLDAPBindPassword <password>
AuthLDAPURL <ldapurl>
AuthUserFile /dev/null
require valid-user
</location>
but this needs user to enter ID and password?
Please let me know if you need any information.
Thanks for your help.

Based on your response to comments you're going to need to use mod_ntlm for that

Related

Integrate apache subversion with the active directory in windows server

Initially I installed Apache server 2.4 on Windows Server 2012 R2 and Apache Subversion 1.8.7, and I copied the module files (.so files) from Subversion to the Apache server. I created a repository. I set up the "AuthUserFile" and "AuthzSVNAccessFile". I put the following code in httpd.conf:
<Location /project1>
DAV svn
SVNPath E:\svn_testing\project1
AuthType Basic
AuthName "Subversion Project1 repository"
AuthUserFile c:/etc/svn-auth-file
Require valid-user
AuthzSVNAccessFile c:/etc/svn-acl
</Location>
I used the TortoiseSVN client to connect to the repository, and it connected successfully. I have successfully created files and committed them.
Later I wanted to set up authentication with Active Directory. I added the following code to the httpd.conf file:
<Location /project1>
DAV svn
SVNPath E:\svn_testing\project1
SVNParentPath E:\svn_testing
SVNListparentPath on
Order allow,deny
Allow from all
AuthType Basic
AuthBasicProvider ldap
#AuthzLDAPAuthoritative off
AuthName "Active_directory_integration"
AuthzSVNAccessFile C:\etc\svn-acl
AuthLDAPURL "ldap://***********(ip address):389/DC=*******,DC=com?sAMAccountName?sub?(objectClass=*)"
#this assumes you have created a dedicated bind user "apache_bind" on your active directory
AuthLDAPBindDN "CN=Administrator,CN=users,DC=*******,DC=com"
#warning: this password for AD apache_bind user is in plain text!
AuthLDAPBindPassword *************
#AuthLDAPFollowReferrals off
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
#SSLRequireSSL
require ldap-group OU=********,DC=********,DC=com
#require valid-user
</Location>
But when I try to restart the Apache server, it shows "The Requested operation has failed". I have checked the log files but there is nothing there.
It seems you are trying to search the whole AD catalog, as you do not specify any OU. This is not supported by Windows AD. However, the whole catalog is available by using port 3268.
Please try this:
AuthLDAPURL "ldap://***********(ip address):3268/DC=*******,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPGroupAttribute member
require ldap-group OU=********,DC=********,DC=com
Organizational Units (ou) don't have the attribute member, according to https://msdn.microsoft.com/en-us/library/ms683886(v=vs.85).aspx.
You should try the DN of the group you want to access your repo.
On my server this would look like this:
require ldap-group cn=thegroup,ou=groups,dc=example,dc=com
Notice the cn, which is a groupOfNames with the member attribute in my case.
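
The points raised in this thread, as a small lint over a `mod_authnz_ldap` block (an added example, not code from either poster): it parses `AuthLDAPURL` and flags a domain-root search on port 389, a `Require ldap-group` that names an OU, a cleartext `ldap://` connection, and a bind DN that is the domain Administrator. The finding codes, sample host and group names are constructed for illustration.

```python
import re, shlex

# AuthLDAPURL layout: ldap[s]://host[:port]/basedn?attribute?scope?filter
URL_RE = re.compile(r'^(ldaps?)://([^/:]+)(?::(\d+))?/([^?]*)', re.I)

def parse_directives(conf):  # lower-cased directive name -> list of argument strings
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, _, args = line.partition(" ")
            found.setdefault(name.lower(), []).append(args.strip())
    return found

def lint(conf):
    """Return sorted finding codes for one mod_authnz_ldap block."""
    d, out = parse_directives(conf), set()
    for args in d.get("authldapurl", []):
        url, mode = (shlex.split(args) + [""])[:2]   # URL, then optional TLS mode
        m = URL_RE.match(url)
        if not m: continue
        scheme, port, base = m.group(1).lower(), m.group(3), m.group(4)
        port = int(port or (636 if scheme == "ldaps" else 389))
        rdns = [r.strip().lower() for r in base.split(",") if r.strip()]
        # ldap:// with no TLS mode: bind and user passwords travel in cleartext.
        if scheme == "ldap" and mode.upper() not in ("SSL", "TLS", "STARTTLS"):
            out.add("cleartext-ldap")
        # Search rooted at the domain on 389; the answer suggests port 3268.
        if port == 389 and rdns and all(r.startswith("dc=") for r in rdns):
            out.add("domain-root-on-389")
    for args in d.get("require", []):
        kind, _, dn = args.partition(" ")
        # An OU has no 'member' attribute, so ldap-group needs a group DN.
        if kind.lower() == "ldap-group" and dn.strip().lower().startswith("ou="):
            out.add("ldap-group-is-ou")
    for dn in d.get("authldapbinddn", []):
        # The bind account only has to search; a domain admin is excessive.
        if dn.strip('"').lower().startswith("cn=administrator,"):
            out.add("privileged-bind-dn")
    return sorted(out)

# Constructed samples (placeholder host and names), modelled on the question.
QUESTION = '''AuthLDAPURL "ldap://192.0.2.10:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=Administrator,CN=users,DC=example,DC=com"
require ldap-group OU=devs,DC=example,DC=com'''
# One possible revision; assumes the directory accepts StartTLS.
REVISED = '''AuthLDAPURL "ldap://192.0.2.10:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" STARTTLS
AuthLDAPBindDN "CN=apache_bind,CN=users,DC=example,DC=com"
require ldap-group CN=devs,OU=groups,DC=example,DC=com'''
```

`lint(QUESTION)` reports all four findings and `lint(REVISED)` reports none.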

Is it possible to use LDAP authentication via `.htaccess` with MAMP?

Is it possible to use LDAP authentication via .htaccess with MAMP?
I think I need to include/enable the Apache module, but I'm not sure how to do it.
Thanks for your help!
Enable it:
a2enmod authnz_ldap
a2enmod ldap
/etc/init.d/apache2 restart
In htaccess you use
AuthType Basic
AuthName "secured site"
AuthBasicProvider ldap
AuthLDAPUrl "ldap://server/ou=People,dc=example,dc=local"
AuthLDAPBindDN "cn=reader,dc=example,dc=local"
AuthLDAPBindPassword the_secret_one
AuthzLDAPAuthoritative Off
Require valid-user

.htaccess bind Apache server to ldap causes Internal server error 500

Using wamp server with apache 2.4.4
I have a directory that I want to protect with .htaccess file:
AuthBasicProvider ldap
AuthType Basic
AuthName "Authentication required "
AuthLDAPUrl "ldap://myldap:389/ou=p1,dc=dt,dc=mycompany,dc=local?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=admin,dc=dt,dc=mycompany,dc=local"
AuthLDAPBindPassword "password"
Require valid-user
I have AllowOverride all set in httpd.conf.
I have all LoadModule directives uncommented in httpd.conf
I can successfully create connection to the ldap using Apache Directory Studio using these BindDN and password.
I can also successfully query ldap://myldap:389/ou=p1,dc=dt,dc=mycompany,dc=local?uid?sub?(objectClass=*) using Windows Explorer
EDIT:
I get the authentication window as I should, but whatever credentials I enter I get Internal Server Error 500.
Any suggestions?

SVN with LDAP authentication not working

I'll first start with my setup. For this we have 2 servers.
Server1 is going to be used for all the source code, files, etc.,
and on Server2 we have all our user information and logins.
Both servers are running CentOS 6.4.
Now we want to set up an SVN repository on server1 that works with Apache (httpd) and has LDAP authentication that uses accounts from server 2.
Previously I set up a CVS repo as well, so I'm 100% sure LDAP is working.
My SVN repo is working as it should with Apache, but I just can't seem to set up my LDAP authentication correctly.
I've been looking for a few days now and I don't know what to do anymore.
My /etc/httpd/conf.d/subversion.conf looks like the following:
<Location /svn>
DAV svn
SVNPath /var/www/svn/testProject
AuthType Basic
AuthName "My repo"
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://192.168.1.2:389/cn=users,dc=server2,dc=intranet,dc=myCompany,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthUserFile /var/www/svn-auth-conf
Require valid-user
#AuthzSVNAccessFile /var/www/svn-acces-control
</Location>
My /etc/openldap/ldap.conf on server1 looks like this:
REFERRALS off
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://macserver.intranet.zappware.com
BASE cn=users,dc=server2,dc=intranet,dc=myCompany,dc=com
On server1 I have root access, so I am able to set it up correctly.
When I go to Server2 on my user account I can do an ldapsearch like this:
userM$ ldapsearch -x -b cn=users,dc=server2,dc=intranet,dc=myCompany,dc=com
I get all the user accounts on that server,
but when I try ldapsearch -x -b cn=users,dc=server2,dc=intranet,dc=myCompany,dc=com -W sAMAccount
Server2 asks me for the LDAP password. But I don't have that password, and our previous IT manager, who did all the server stuff, has left the company.
So I thought I could just make another password and put it in
/etc/openldap/slapd.conf
but when I check that file on server 2 it's just empty.
Hopefully there is someone who could give me some new and helpful tips on how to solve this.
OK, I solved it.
I changed my LDAPURL because there was no need for me to bind it.
<Location /svn>
DAV svn
SVNPath /var/www/svn/testProject
AuthBasicProvider ldap
AuthType Basic
AuthName "My repo"
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://192.168.1.2:389/cn=users,dc=server2,dc=intranet,dc=myCompany,dc=com" NONE
Require valid-user
</Location>
I forgot to declare the AuthBasicProvider ldap.
Hope this can be useful to others.

Give access to folder(s) with LDAP authentication to certain OUs with Apache?

I want to make a web directory protected by htaccess so that LDAP users in certain OUs can access it.
I've googled all day and I couldn't make it happen. I'm using Apache 2.2 on Ubuntu Server 10.04 LTS. Here is my htaccess:
AuthType Basic
AuthName "LOGIN"
AuthUserFile /dev/null
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://SERVER_IP/ou=users,dc=domain,dc=TLD,dc=ccTLD?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=user,dc=domain,dc=TLD,dc=ccTLD"
AuthLDAPBindPassword passwd
#I've tried all of below:
#Require valid-user # This works just fine. But i don't want everyone can login.
#Require ldap-group ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD # Tried this one and failed.
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD) # tried this one and also failed.
Thank you very much.
I found the problem. You shouldn't use brackets around the ldap-filter attribute.
This:
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD)
Should be like this:
Require ldap-filter ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD